Pentesting Certifications

I'm going through certifications in the pentesting field which would give me a hard challenge and where I can prove myself. I'm not really interested if it's recognized by HR. So far I've come up with:

GIAC Certified Penetration Tester (GPEN)
GIAC Reverse Engineering Malware (GREM)
Offensive Security Certified Expert (OSCE)
Offensive Security Certified Professional (OSCP)
Certified Expert Penetration Tester (CEPT)
Certified Penetration Tester (CPT)
Certified Reverse Engineering Analyst (CREA)
Certified Network Offense Professional (NOP)

Are there any other good ones which would fit into the above?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

ibcritn

I would consider this:

Offensive Security Certified Professional (OSCP)

GPEN is also a very good certification. I took the class and learned quite a bit from Mr. Skoudis

JDMurray

Geez...isn't that enough?

How about a cert in social engineering? That's certainly pen testing.

Seriously, make sure that you understand the differences between those certs. They aren't all about exactly the same skills and technologies. Some are about (wired or wireless) network pen testing, (at least) one is about application pen testing, and some are just a general survey of pen testing and related areas, such as incident handling and response. There are also some tools used in pen testing that have their own vendor cert (such as Wireshark).

pentest

I've already completed most of them (CPT, CEPT, OSCP, OSCE, GPEN, CREA), so I was looking for any other certs towards those areas. A social engineering cert would be fun, but I'm not aware of any.

I'm not sure if vendor or tool specific ones are what I'm currently looking for.

iVictor

pentest wrote: »

I've already completed most of them (CPT, CEPT, OSCP, OSCE, GPEN, CREA), so I was looking for any other certs towards those areas. A social engineering cert would be fun, but I'm not aware of any.

I'm not sure if vendor or tool specific ones are what I'm currently looking for.

GREM / CREA is not really pentest stuff but more of a research / offline stuff. You wouldn't do that on a typical pentest engagement, now would ya?

And did you miss this:
SANS 660

pentest

We had quite a few pentests which involved binary auditing/ reversing and exploit development. Clients not always favor source code reviews.

Sec 660 sounds interesting (as does Sec 710), unfortunately there aren't any certifications involved. There would be quite a few other courses which would fit into it, such as Offensive Security's Advanced Windows Exploitation (AWE), but I'm missing the challenge then.

iVictor

Did you check out hackingdojo?

Nobylspoon

Does Mitnick still teach the Certified Social Engineering Prevention Specialist course?

pentest

Yes, thanks for bringing this one up. From my understanding, it's not an advanced course (although there are several 'levels' you can reach), though (similar as with Certified Professional Penetration Tester (eCPPT)).

I assume there aren't too many others as the ones mentioned in the initial post. Guess I'll try to get the ones I'm still missing and see what to do then.

kriscamaro68

pentest wrote: »

I'm going through certifications in the pentesting field which would give me a hard challenge and where I can prove myself. I'm not really interested if it's recognized by HR. So far I've come up with:
GIAC Certified Penetration Tester (GPEN)

GIAC Reverse Engineering Malware (GREM)

Offensive Security Certified Expert (OSCE)

Offensive Security Certified Professional (OSCP)

Certified Expert Penetration Tester (CEPT)

Certified Penetration Tester (CPT)

Certified Reverse Engineering Analyst (CREA)

Certified Network Offense Professional (NOP)

Are there any other good ones which would fit into the above?

If your looking at collecting the entire set of pentesting certs then there is:
elearnsecurity's ECPPT.
Also as another user said Hacking DOJO.
No mention either of CEH but it looks like you are way past that.

xopito

God I gotta done one of that!

rogue2shadow

The RWSP is out there too

http://www.techexams.net/forums/security-certifications/60336-real-world-security-professional-rwsp-certification.html

iVictor

rogue2shadow wrote: »

The RWSP is out there too

http://www.techexams.net/forums/security-certifications/60336-real-world-security-professional-rwsp-certification.html

This is cool.! Their cost is half of that of SANS and curricula / process is realistic, IMO. Only aspect missing perhaps is their geographical coverage. It's still in its nascent stage. Hopefully it'd spread over soon.

Till then SANS it is.

blackhole

JD - I want your take on CEH7 or SANS 504. Which one has better value given consideration as 7 is brand new.

JDMurray

blackhole wrote: »

JD - I want your take on CEH7 or SANS 504. Which one has better value given consideration as 7 is brand new.

A "better value" for what? For learning and practical training regarding incident handling, the GCIH is the better value. For a broad survey of InfoSec topics and recognition by employers, the CEH is the better value.

What's your specific reason(s) for wanting either cert?

blackhole

to supplement CISSP cert. my current job is to configure routers for large customers mpls/internet cloud on edge and private routers. firewalls VPN extensions etc etc. now I want to expand my horizon given CISSP cert prime importance so want something that will give me knowledge as well as value added when I make switch to full time security position.

JDMurray

blackhole wrote: »

I want to expand my horizon given CISSP cert prime importance so want something that will give me knowledge as well as
value added when I make switch to full time security position.

What occupational field(s) do you think that might be? What are your prime interests?

blackhole

that's why I need advise .... I don't want to be pen tester, ultimately i want to step in to risk-management and I want something that will give me boost. so making question easier given a choice of CEH7 or SAN 504 where you will lean ?

docrice

I've heard that CEH version 6 was basically just tools-oriented, while version 7 upped the class more (in terms of what, I'm not sure, so I can't comment much here).

I'm finishing up the 504 course now and plan to sit for the GCIH exam soon. If you want to know "attack tools and methods" in the context of attack phases as well as a balanced perspective from a defender's / incident handler's perspective, I think the SANS route is probably better.

It seems CEH is more recognizable on a resume, although I see some job postings also asking for GIAC certs.

Darril

I was just reviewing the new PenTest magazine (PenTest Extra 01/2012 | Issues | PenTest Magazine) and it was advertising courses for the Social Engineering for Penetration Testers (S.E.P.P.) certification. I had never heard of this before so did a few searches and came up with this page among others. This page (Black Hat ® Technical Security Conference: USA 2012 // Social Engineering for Penetration Testers by Chris Hadnagy and Robin Dreeke) says that it "is a multiple day, hands-on exam (scheduled within 60 days of completing the course) with true-to-life practical tests that will prove you have accomplished the skills needed to earn your S.E.P.P. credentials."

I can't vouch for it, but it certainly sounds like a multiple-day exam would challenge anyone, which is what the original poster was looking for.

Does anyone else know anything about this cert?

Darril

pentest

Thanks Darril, that seems to be an interesting one.

Since my last post, Offensive Security has added two more certifications to their arsenal:

Offensive Security Exploitation Expert (OSEE)
Offensive Security Web Expert (OSWE)

beads

Just how would one test Social Engineering in the real world? Follow a potential attacker around with a video camera? I mean just how do you prove you social engineered anyone? Oh yeah. He got me. Let me do a video interview admitting I'd been had.

Darril

beads wrote: »

Just how would one test Social Engineering in the real world? Follow a potential attacker around with a video camera? I mean just how do you prove you social engineered anyone? Oh yeah. He got me. Let me do a video interview admitting I'd been had.

A couple of techniques I've seen used in actual test are related to tailgating and phishing.

Tailgating. In organizations that require users to enter a cipher code or use a proximity card badge to gain entry, the tester simply walked in with other employees without entering a code or using a proximity card. The fact that the tester is inside is proof that it was successful.

Phishing/spear phishing. An email is spoofed so that it looks like it's coming from someone official and sent to multiple employees. As a classic phishing email, it explains some problem and includes an urgent requirement that user's respond with their username and password. The credentials received by individuals is proof that it was successful.

JDMurray

There are many companies that will do social engineering and phishing testing. Kevin Mitnick's company comes to mind. And I have professional acquaintances that work at phishme. You can certainly make a profession at social engineering.

SephStorm

I think the question was more about how do you test SE skills for an exam.

gabypr

Darril wrote: »

I was just reviewing the new PenTest magazine (PenTest Extra 01/2012 | Issues | PenTest Magazine) and it was advertising courses for the Social Engineering for Penetration Testers (S.E.P.P.) certification. I had never heard of this before so did a few searches and came up with this page among others. This page (Black Hat ® Technical Security Conference: USA 2012 // Social Engineering for Penetration Testers by Chris Hadnagy and Robin Dreeke) says that it "is a multiple day, hands-on exam (scheduled within 60 days of completing the course) with true-to-life practical tests that will prove you have accomplished the skills needed to earn your S.E.P.P. credentials."

I can't vouch for it, but it certainly sounds like a multiple-day exam would challenge anyone, which is what the original poster was looking for.

Does anyone else know anything about this cert?

Darril

I havent heard of this certification, but sounds interesting. Lets see how this certification evolve and increase security awareness and practices.

I didnt see the EC-Council Licensed Penetration Tester LPT certification Ethical Hacking, Information Security, Computer Security, Penetration Testing, Certified Ethical Hacker, Pen Testing, Penetration Tester, Ethical Hacking Training, Network Penetration Testing

JayTheCracker

good ones may be eCPPT, CEH, LPT, CPT, CEPT, OSCP, OSCE, GPEN, GWAPT, GAWN & GXPN

the_hutch

I've got a few to add. I'm surprised nobody has mentioned OSWP (Offensive Security Wireless Professional).

In addition to that, there are all the SecurityTube options, by Vivek Ramachandran. These include:
- SWSE (SecurityTube WiFi Security Expert)
- SMFE (SecurityTube Metasploit Framework Expert)
- SPSE (SecurityTube Python Scripting Expert)